server {<!--

	✘ HTTPS || ✘ forceHTTPS --><span ng-if="!isHTTPS() || !isForceHTTPS()">
	listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80;<!--

	✔ IPv6 --><span ng-if="isIPv6()">
	listen [{{ data.ipv6 }}]:80;</span></span><!--

	✔ HTTPS --><span ng-if="isHTTPS()">
	listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}443 ssl{{ isHTTP2() ? ' http2' : '' }};<!--

	✔ IPv6 --><span ng-if="isIPv6()">
	listen [{{ data.ipv6 }}]:443 ssl{{ isHTTP2() ? ' http2' : '' }};</span></span>

	server_name {{ isWWW() ? 'www.' : '' }}{{ domain() }};<!--

	✔ PHP --><span ng-if="isPHP()">
	set $base {{ data.path ? data.path : '/var/www/' + domain() }};
	root $base{{ data.document_root }};</span><!--

	✘ PHP --><span ng-if="!isPHP()">
	root /var/www/{{ domain() }}{{ data.document_root }};</span><!--

	✔ HTTPS --><span ng-if="isHTTPS()">

	# SSL
	ssl_certificate {{ sslCertificate() }};
	ssl_certificate_key {{ sslCertificateKey() }};<!--

	✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()">
	ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem;</span></span><!--

	✔ access log domain || error log domain --><span ng-if="isAccessLogDomain() || isErrorLogDomain()">

	# logging<!--
	✔ access log domain --><span ng-if="isAccessLogDomain()">
	access_log {{ accessLogDomainPath() }};</span><!--
	✔ error log domain --><span ng-if="isErrorLogDomain()">
	error_log {{ errorLogDomainPath() }};</span></span><!--

	✔ index.php --><span ng-if="isIndexPHP()">

	# index.php
	index index.php;</span><!--

	✔ Fallback HTML || ✔ Fallback PHP --><span ng-if="(isFallbackHTML() || isFallbackPHP()) && (!isProxy() || data.proxy_path !== '/')">

	# {{ isFallbackHTML() ? 'index.html' : ( isFallbackPHP() ? 'index.php' : '' ) }} fallback
	location / {
		try_files $uri $uri/ {{ isFallbackHTML() ? '/index.html' : ( isFallbackPHP() ? '/index.php?$query_string' : '' ) }};
	}</span><!--

	✔ Fallback HTML && ✔ Fallback PHP --><span ng-if="isFallbackHTML() && isFallbackPHP()">

	# index.php fallback
	location ~ ^{{ data.fallback_php_path }} {
		try_files $uri $uri/ /index.php?$query_string;
	}</span><!--

	✔ Reverse proxy --><span ng-if="isProxy()">

	# reverse proxy
	location {{ data.proxy_path }} {
		proxy_pass {{ data.proxy_pass }};<!--

		✔ modularized --><span ng-if="isModularized()">
		include nginxconfig.io/proxy.conf;</span><!--

		✔ unified --><span ng-if="isUnified()">
<!-- -->	<ng-include ng-include-tabs="3" src="'templates/conf/nginxconfig.io/proxy.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span>
	}</span><!--

	✔ PHP --><span ng-if="isPHP()">

	# handle .php
	location ~ \.php$ {<!--

	✔ modularized || ✔ WordPress --><span ng-if="isModularized() || isWordPress()">
		include nginxconfig.io/php_fastcgi.conf;</span><!--

	✔ unified && ✘ WordPress --><span ng-if="isUnified() && !isWordPress()">
	<ng-include ng-include-tabs="{{ isUnified() ? 3 : 1 }}" src="'templates/conf/nginxconfig.io/php_fastcgi.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span>
	}</span><!--

	✔ unified --><span ng-if="isModularized()">
</span><!--



	✔ modularized --><span ng-if="isModularized()">
	include nginxconfig.io/general.conf;</span><!--

	✔ modularized && ✔ WordPress --><span ng-if="isModularized() && isWordPress()">
	include nginxconfig.io/wordpress.conf;</span><!--

	✔ modularized && ✔ Drupal --><span ng-if="isModularized() && isDrupal()">
	include nginxconfig.io/drupal.conf;</span><!--



	✔ unified --><span ng-if="isUnified()">

<!-- --><ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/general.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span><!--

	✔ unified && ✔ WordPress --><span ng-if="isUnified() && isWordPress()">

<!-- --><ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/wordpress.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span><!--

	✔ unified && ✔ Drupal --><span ng-if="isUnified() && isDrupal()">

<!-- --><ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/drupal.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span>
}<!--



✔ CDN --><span ng-if="isCDN()">

# CDN
server {
	listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }};<!--

	✔ IPv6 --><span ng-if="isIPv6()">
	listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }};</span>

	server_name cdn.{{ domain() }};
	root /var/www/{{ domain() }}{{ data.document_root }};<span ng-if="!isAccessLog()">

	access_log off;</span><!--

	✔ HTTPS --><span ng-if="isHTTPS()">

	# SSL
	ssl_certificate {{ sslCertificate() }};
	ssl_certificate_key {{ sslCertificateKey() }};<!--

	✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()">
	ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem;</span></span>

	# disable access_log
	access_log off;<!--

	✔ Gzip --><span ng-if="isGzip()">

	# gzip
	gzip on;
	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_types {{ gzipTypes }};</span>

	# allow safe files
	location ~* \.(?:{{ extensions.assets }}|{{ extensions.fonts }}|{{ extensions.svg }}|{{ extensions.images }}|{{ extensions.audio }}|{{ extensions.video }}|{{ extensions.docs }})$ {
		add_header Access-Control-Allow-Origin "*";
		add_header Cache-Control "public";
		expires 30d;
	}

	# deny everything else
	location / {
		deny all;
	}
}</span><!--



✔ redirect --><span ng-if="isRedirect()">

# {{ isWWW() ? 'non-www, ' : '' }}subdomains redirect
server {
	listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }};<!--

	✔ IPv6 --><span ng-if="isIPv6()">
	listen [{{ data.ipv6 }}]:{{ isHTTPS() ? '443 ssl' : '80' }}{{ isHTTP2() ? ' http2' : '' }};</span>

	server_name {{ isWWW() ? ('.' + domain()) : ('*.' + domain()) }};<!--

	✔ HTTPS --><span ng-if="isHTTPS()">

	# SSL
	ssl_certificate {{ sslCertificate() }};
	ssl_certificate_key {{ sslCertificateKey() }};<!--

	✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()">
	ssl_trusted_certificate /etc/letsencrypt/live/{{ domain() }}/fullchain.pem;</span></span>

	return 301 http{{ isHTTPS() ? 's' : '' }}://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri;
}</span><!--



✔ forceHTTPS --><span ng-if="isForceHTTPS()">

# HTTP redirect
server {
	listen {{ data.ipv4 !== '*' ? data.ipv4 + ':' : '' }}80;<!--

	✔ IPv6 --><span ng-if="isIPv6()">
	listen [{{ data.ipv6 }}]:80;</span>

	server_name .{{ domain() }};<!--

	✔ modularized && ✔ Let's Encrypt --><span ng-if="isModularized() && isCertLetsEncrypt()">

	include nginxconfig.io/letsencrypt.conf;</span><!--

	✔ unified && ✔ Let's Encrypt --><span ng-if="isUnified() && isCertLetsEncrypt()">

<ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/letsencrypt.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span><!--

	✔ Let's Encrypt --><span ng-if="isCertLetsEncrypt()">

	location / {
		return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri;
	}</span><!--

	✘ Let's Encrypt --><span ng-if="!isCertLetsEncrypt()">

	return 301 https://{{ isWWW() ? 'www.' : '' }}{{ domain() }}$request_uri;</span>
}</span>
